Make WordPress Core

Changeset 57369


Ignore:
Timestamp:
01/28/2024 07:48:15 AM (9 months ago)
Author:
audrasjb
Message:

Coding Standards: Add missing escaping functions to WP_Customize_Control and WP_Customize_Nav_Menu_Location_Control.

Follow-up to [20295], [32806].

Props nareshbheda, shailu25, sabernhardt, audrasjb.
Fixes #60324.

Location:
trunk/src/wp-includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-customize-control.php

    r56547 r57369  
    554554                    <?php
    555555                    foreach ( $this->choices as $value => $label ) {
    556                         echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . $label . '</option>';
     556                        echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . esc_html( $label ) . '</option>';
    557557                    }
    558558                    ?>
  • trunk/src/wp-includes/customize/class-wp-customize-nav-menu-location-control.php

    r45590 r57369  
    7878                <?php
    7979                foreach ( $this->choices as $value => $label ) :
    80                     echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . $label . '</option>';
     80                    echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . esc_html( $label ) . '</option>';
    8181                endforeach;
    8282                ?>
Note: See TracChangeset for help on using the changeset viewer.